Joined: 10 May 2005Posts: 397Location: Running down a highway in Virginia, USA.

Posted: Mon 16 Jan 2006, 20:47 Post subject:

Its my understanding that the MAC address is encoded in the chipset for your network card. Under normal circumstances, there is no reason to need to change it. Is there a reason that you need to spoof another network card?

Its my understanding that the MAC address is encoded in the chipset for your network card. Under normal circumstances, there is no reason to need to change it. Is there a reason that you need to spoof another network card?

Some ISPs track what MAC address is connected to your DSL modem, and (trying to prevent hooking up multiple PCs?) will not "talk" to a second and different device at your location (at least not without a lengthy timeout period with no device connected, or even without calling them up and asking).

So, I suppose, if you had a DSL line from such a provider, but no router and no home network, and you wanted to manually switch the DSL line from a Windows PC to a separate PC running Puppy, it might be handy to set both machines to the same MAC address.

The way to do so temporarily in Puppy would be to use the ifconfig command with the hw ether option, like this:

Code:

# ifconfig eth0 hw ether 00:E0:4C:78:65:BF

How to make that stick through reboots ... is a different question. I'll let someone else answer that part, because I've yet to investigate how Puppy stores and uses network config info myself!

Let us know if that actually works. It's my impression that the MAC address is transmitted by the modems at the hardware link level. The OS has no direct control over what the hardware sends when queried. If that's so then I don't see how you could spoof it through the OS.

See http://en.wikipedia.org/wiki/MAC_address#Changing_MAC_addresses for a little more info. It most definitely works. I've used it (or variations of it) in other Linux and *BSD machines occasionally, over a period of several years. And I tested that it worked in Puppy before posting by earlier msg in this thread.

If you need further convincing, then I suggest you read the sources for any modern NIC device driver For example, download http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.1.tar.bz2 and untar it, and then look at the driver for the Realtek 8139, at linux-2.6.15.1/drivers/net/8139too.c:

You can then note that dev_addr is the item in the struct used to keep the MAC address... grep for dev_addr and you'll find the code that reads the default MAC address for the card from its EEPROM. You don't need to understand every detail of this code (I don't!) to see that it is reading an address from the EEPROM and saving it in a kernel data structure, and then setting some device registers using those values. If necessary, you could then read the code for ifconfig and see how what it does when you pass it those parameters results in the device data structure MAC address values being changed, and so the new values being written to the NIC device registers when the device is next opened.

In the open source Linux world, if you really need to be sure whether something is true about the way Linux software works -- read the source code In general, the combination of Google (for reading documentation, tutorials, definitions, HOWTOs, etc.) and the source code make a very powerful educational tool.

Note for jh: Spoofing, or changing? Wikipedia uses "changing". In my view, "spoofing" by its very definition carries connotations of deception and imitation, which would only be the case when the supplied MAC address belongs to an existing device on your network segment, and you are trying to "deceive" the rest of your network into believing that your device is that other device.

There are other uses for this ability to change MAC address, such as testing and debugging switches (Example: How big a MAC address cache does my switch have? And what happens when it sees more MAC addresses than it can cache? An interesting experiment... but please do not try it on a production network!). So I think that "changing" MAC addresses is more appropriate terminology than "spoofing", in the general case. For a (general, not networking-specific) definition of spoofing, see http://www.answers.com/topic/spoof .

This thread is quite old, but I'm trying to do the same thing now in 2013. I found the rc.network file and have put the appropriate call to macchanger in it, but after boot the wireless MAC is still the factory MAC. If I call the script from the shell it scrambles it just fine, it just doesn't do it on boot.

This thread is quite old, but I'm trying to do the same thing now in 2013. I found the rc.network file and have put the appropriate call to macchanger in it, but after boot the wireless MAC is still the factory MAC. If I call the script from the shell it scrambles it just fine, it just doesn't do it on boot.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum